
1. Security and Risk Management
2. Asset Security
3. Security Engineering
4. Communications and Network Security
5. Identity and Access Management
6. Security Assessment and Testing
7. Security Operations
8. Software Development Security

Domain / Description

Access Control
This domain examines mechanisms and methods used to enable administrators and managers to control what subjects can access, the extent of their capabilities after authorization and authentication, and the auditing and monitoring of these activities.
Some of the topics covered include
Access control threats
Identification and authentication technologies and techniques
Access control administration
Single sign-on technologies
Attack methods

Telecommunications and Network Security
This domain examines internal, external, public, and private communication systems; networking structures; devices; protocols; and remote access and administration.
Some of the topics covered include
OSI model and layers
Local area network (LAN), metropolitan area network (MAN), and wide area network (WAN) technologies
Internet, intranet, and extranet issues
Virtual private networks (VPNs), firewalls, routers, switches, and repeaters
Network topologies and cabling
Attack methods

Information Security Governance and Risk Management
This domain examines the identification of company assets, the proper way to determine the necessary level of protection required, and what type of budget to develop for security implementations, with the goal of reducing threats and monetary loss.
Some of the topics covered include
Data classification
Policies, procedures, standards, and guidelines
Risk assessment and management
Personnel security, training, and awareness

Software Development Security
This domain examines secure software development approaches, application security, and software flaws.
Some of the topics covered include
Data warehousing and data mining
Various development practices and their risks
Software components and vulnerabilities
Malicious code

Cryptography
This domain examines cryptography techniques, approaches, and technologies.
Some of the topics covered include
Symmetric versus asymmetric algorithms and uses
Public key infrastructure (PKI) and hashing functions
Encryption protocols and implementation
Attack methods

Legal, Regulations, Investigations, and Compliance
This domain examines computer crimes, laws, and regulations. It includes techniques for investigating a crime, gathering evidence, and handling procedures. It also covers how to develop and implement an incident-handling program.
Some of the topics covered include
Types of laws, regulations, and crimes
Licensing and software piracy
Export and import laws and issues
Evidence types and admissibility into court
Incident handling
Forensics

Security Operations
This domain examines controls over personnel, hardware, systems, and auditing and monitoring techniques. It also covers possible abuse channels and how to recognize and address them.
Some of the topics covered include
Administrative responsibilities pertaining to personnel and job functions
Maintenance concepts of antivirus, training, auditing, and resource protection activities
Preventive, detective, corrective, and recovery controls
Security and fault-tolerance technologies

Business Continuity and Disaster Recovery Planning
This domain examines the preservation of business activities when faced with disruptions or disasters. It involves the identification of real risks, proper risk assessment, and countermeasure implementation.
Some of the topics covered include
Business resource identification and value assignment
Business impact analysis and prediction of possible losses
Unit priorities and crisis management
Plan development, implementation, and maintenance

Physical (Environmental) Security
This domain examines threats, risks, and countermeasures to protect facilities, hardware, data, media, and personnel. This involves facility selection, authorized entry methods, and environmental and safety procedures.
Some of the topics covered include
Restricted areas, authorization methods, and controls
Motion detectors, sensors, and alarms
Intrusion detection
Fire detection, prevention, and suppression
Fencing, security guards, and security badge types
